stackube

Failed to create roles for new tenants

Bug #1707599 reported by Pengfei Ni
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
stackube
Fix Released
Critical
Pengfei Ni
stackube pike-rc1

Bug Description

While creating new tenants, stackube-controller failed to create the roles:

rbac_controller.go:191] Failed create default-role in namespace john for tenant john: User "system:serviceaccount:kube-system:stackube-controller" cannot create roles.rbac.authorization.k8s.io in the namespace "john". (post roles.rbac.authorization.k8s.io)

And while deleting tenants, stackube-controller failed to remove roles and clusterrolebindings:

E0731 05:58:56.862860 15 tenant_controller.go:131] Failed delete ClusterRoleBinding for tenant john: User "system:serviceaccount:kube-system:stackube-controller" cannot delete clusterrolebindings.rbac.authorization.k8s.io at the cluster scope. (delete clusterrolebindings.rbac.authorization.k8s.io john-namespace-creater)

Pengfei Ni (feiskyer)
Changed in stackube:
status: New → Confirmed
importance: Undecided → Critical
milestone: none → pike-3
milestone: pike-3 → pike-rc1
assignee: nobody → Pengfei Ni (feiskyer)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to stackube (master)

Fix proposed to branch: master
Review: https://review.openstack.org/489148

Changed in stackube:
status: Confirmed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to stackube (master)

Reviewed: https://review.openstack.org/489148
Committed: https://git.openstack.org/cgit/openstack/stackube/commit/?id=82b659963e472aae4a33c010b9773cdb7d2080de
Submitter: Jenkins
Branch: master

commit 82b659963e472aae4a33c010b9773cdb7d2080de
Author: Pengfei Ni <email address hidden>
Date: Mon Jul 31 17:23:08 2017 +0800

    Add requires apis to rbac cluster roles

    stackube-controller needs to create/delete roles and rolebindings.
    It also has to visit all apis in order to create tenant's own role.

    Change-Id: I48e8f0aaec00241d30dba818bcc19a3349237a16
    Closes-Bug: 1707599
    Signed-off-by: Pengfei Ni <email address hidden>

Changed in stackube:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.